Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1451
Views
10
Helpful
2
Replies

What are the high level steps involved while installing Firepower module on ASA 5545-X in Active/Standby state ?

damode
Level 1
Level 1

‎05-13-2018 09:40 PM - edited ‎02-21-2020 07:45 AM

We have two 5545-X ASAs in active/standby mode that currently run sfr module 5.4.0.8.

 

Our plan is to upgrade our FMC from 5.4.1.7 to 6.2.0.5 through proper upgrade process. However, for our ASAs, we are planning to re-image them straight to 6.2.0 and patch 6.2.0.5.

 

My main question here is, can I install firepower module on standby first and then install on active firewall without having to do a failover ?

Labels:
0 Helpful
2 Replies 2

yogdhanu
Cisco Employee
Cisco Employee

‎05-14-2018 12:34 AM

Hi

 

Yes, you can. the modules installation is independent of ASA failover. You can install the module on both 1 by 1 and then configured the service policy later without having do failover or affecting traffic before the redirection is configured.

 

Hope it helps.

Yogesh

 

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to yogdhanu

‎05-14-2018 08:26 AM

@yogdhanu

 

Note that service-module health is a failover criterion by default. It can be disabled since ASA 9.3(1) and higher.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200944-Disable-Service-Module-Monitoring-on-ASA.html

 

If you don't disable the monitoring, shutdown or reload of a Firepower module on the active unit will cause a failover event (or status of "not ready" in case it is reloaded on a standby unit).

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card